Busting the myths about cyber hacks: “It won’t happen to me”

Recent headlines about drug firms and research groups being targeted by state sponsored hackers highlights the very real cyber threats to which we’re all exposed, particularly pharmaceutical and R&D organisations.

How significant are the dangers, and what can be done to protect networks and the critical data that resides on them? What role can cyber insurance play in mitigating these risks?

According to the BBC, the hackers used malware called WellMess and WellMails to access the vaccine data. This was then accompanied by targeted email “Phishing” attacks which are designed to trick unsuspecting researchers into handing over information helpful to the hackers.

Such attacks can result in theft, or even destruction of, critical data, and researchers may be locked-out of their computer networks, meaning that they are unable to access the information they need. Additionally, many modern laboratories use equipment that can be controlled remotely over a network, so hackers who are able to take control of networks could theoretically impair those experiments, rendering any results unreliable and setting back vital research.

The implications on the urgent international effort to find a Coronavirus vaccine are obvious.

Luckily, in this instance, it seems that network security controls performed well, with the BBC reporting that vaccine research had not been hindered by these assaults. But given the nature of such hacks, it may be some time before the true extent of any damage becomes clear.

The London insurance market has pioneered the development and evolution of cyber insurance, which is designed to protect organisations against the financial, legal and technical challenges that accompany hacking attacks of this nature.

How does this form of insurance operate and what benefit could it be to pharma and R&D companies?

A cyber insurance policy primarily acts as a breach response service. With the pharma or R&D policyholder being connected with a dedicated breach manager who will triage their cyber event, consult on the most effective way of responding to the attack, and then manage the technical response – with all costs being directly billed to the insurer.

This involves the appointment of an expert IT forensics team to support the organisation in identifying the cause of the intrusion, and correcting the network breach. If the organisation does not have insurance, this is often a very expensive cost for them to carry themselves. Identifying the expertise required and negotiating a rate for the work is not something most organisations will have time for immediately following an attack.

Insurers and their panel of specialist service providers can help in other ways, such as:
  • Public Relations advisers, helping the organisation to deal with press enquiries;
  • Lawyers, who will represent the organisation if it’s sued for data breach, or even investigated by a regulator;
  • Notification costs, where the insurer picks up the considerable cost of notifying any third parties whose data has been breach;
  • Repair & recovery, insurers picking up the cost of replacing or repairing networks or recovery data affected by the intrusion;
  • Revenue interruption, where insurers pay for any impact to organisation’s bottom-line

However, it’s not all plain sailing.

There’s no standardisation in cyber insurance. In general, terminology is complex and different insurers offer varying levels and scope of protection.

In fact, some insurers have sought to deny cyber claims involving state-sponsored hackers on the basis that such actions constitute a form of cyber warfare between nation states. They’ve argued that the “War” exclusion, commonly appearing in insurance policies, excuses them from paying.

Whereas other insurers have refuted claims on the basis that they’re unwilling to provide coverage for Terrorist activity – arguing that some cyber attacks are performed by known terrorist groups.

It certainly pays to work with an insurance adviser who really understands this space. They can provide support in identifying risks, as well as having the granular knowledge of the marketplace.

Get the best cyber insurance advice

Partners& works only with cyber insurers who have committed to pay cyber claims, regardless of whether they were perpetrated by criminal organisations, terrorist gangs or nation states.

We can also help organisations to understand what their specific network vulnerabilities are, by analysing their network and RAG-rating the potential vulnerabilities in a plain-English report.

This information helps to tailor the insurance solutions that we build. We work with insurers who not only provide the broadest coverage available, but who provide added-value with pre-breach risk management as well as post-breach support.

Matthew Clark

Partner - Business Development, Science & Technology